Website Technology Issues Forum

    
Securing a Website
Best Way to secure a website
zeekstern




msg:3841695
 1:34 am on Feb 4, 2009 (gmt 0)

Can anyone offer any guidelines on securing a website or point me to a good resource that has this info?

A few of the issues are as follows, but I would like to really secure my sites in any way I can without breaking them.

I've come across sites where I can access their directory and view the contents and would like to prevent that from happening on my site.

Some hosting companies have perms set to 755 while others have 775.

Should a .php or index file ever be executable? It seems to me that they should just be read only, but I don't know how it works with regard to a browser.

I've run across someone selling a script to protect your downloads. I would like to have a download directory, or at least have a setup where I can have various ebooks/pdfs downloadable, but only for the people who buy them. This leads me to believe I can't have one directory with multiple books in them.

Any help or direction is appreciated. I haven't found a Search function on this forum, so obviously I haven't done any legwork before posting :))

Thanks,
Zeek

 

rocknbil




msg:3841731
 2:41 am on Feb 4, 2009 (gmt 0)

> Can anyone offer any guidelines on securing a website or point me to a good resource that has this info?

Mmm, lots of ways to go at this, entire books have been written . . . I'll just offer what I know and leave the finer points to real experts . . .

> I've come across sites where I can access their directory and view the contents and would like to prevent that from happening on my site.

This is a server configuration; Google for "prevent directory browsing".

> I would like to have a download directory, or at least have a setup where I can have various ebooks/pdfs downloadable, but only for the people who buy them.

1. Store the files off the public root, that is, if your directory structure is
/domain/public_html

Only the files in public_html are accessible. Create a directory in /domain to store these
/domain/downloadable

2. Write a script to access the files. There are all sorts of security issues to address here (hence my opening comment), but once you validate the user,

3. Have the script open the file /domain/downloadable/file.pdf

4. While reading in the file, print it out to the browser.

This means no one can bookmark the file or send a URL. They have to be validated first via login.

> I haven't found a Search function on this forum

Many moons ago they used to have a piece of code you could paste in your user CP, but it's so simple that's probably why they eliminated it.

In Google,

[searchterm] site:webmasterworld.com
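
Steps 1 to 4 from the post above, sketched in PHP as an added example (not rocknbil's code and not from the thread). The `id` parameter, the `PRODUCTS` map, `user_has_purchased()` and the `$_SESSION['user_id']` key are hypothetical names; the purchase data is constructed sample data.

```php
<?php
declare(strict_types=1);
// download.php: added example. Every name here is an assumption, not from the thread.
session_start();

const DOWNLOAD_DIR = '/domain/downloadable';   // outside public_html, as in step 1
// Constructed sample data: product id => file name on disk.
const PRODUCTS = ['ebook-1' => 'file.pdf', 'ebook-2' => 'guide.pdf'];

// Hypothetical purchase check; a real site would query its orders table.
function user_has_purchased(int $userId, string $productId): bool
{
    $purchases = [42 => ['ebook-1']];          // constructed: user 42 bought ebook-1
    return in_array($productId, $purchases[$userId] ?? [], true);
}

// Map a product id to a real path inside DOWNLOAD_DIR, or null if it is not valid.
function resolve_download(string $productId): ?string
{
    if (!array_key_exists($productId, PRODUCTS)) {
        return null;                           // the request never supplies a file name
    }
    $base = realpath(DOWNLOAD_DIR);
    $path = realpath(DOWNLOAD_DIR . '/' . PRODUCTS[$productId]);
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;                           // missing file, or it resolved outside the directory
    }
    return $path;
}

$userId    = $_SESSION['user_id'] ?? null;     // assumed to be set as an int by the login code
$productId = is_string($_GET['id'] ?? null) ? $_GET['id'] : '';

if (!is_int($userId)) {
    http_response_code(403);
    exit('Please log in.');
}
$path = resolve_download($productId);
if ($path === null || !user_has_purchased($userId, $productId)) {
    http_response_code(404);                   // same reply for "no such file" and "not purchased"
    exit('Not found.');
}

header('Content-Type: application/pdf');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);                               // steps 3 and 4: open the file and send it
```

Because the request carries only a product id that is looked up in a fixed map, a value such as `../../etc/passwd` never becomes part of a file path, and the `realpath()` check catches a symlink that points outside the download directory.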

zeekstern




msg:3844196
 12:22 am on Feb 7, 2009 (gmt 0)

Thanks for your help rocknbil. Appreciate it!

Zeek

J_RaD




msg:3847420
 7:12 pm on Feb 11, 2009 (gmt 0)

use amember ?

wmhelp




msg:3857733
 8:00 pm on Feb 25, 2009 (gmt 0)

> use amember ?

huh?

particleman




msg:3862211
 12:56 am on Mar 4, 2009 (gmt 0)

It is going to depend on what level of complexity your site is and how deep you want to dig into security. From the sounds of it you are running on a shared host, probably with some sort of open source CMS (WordPress, Joomla etc?), or did you write it? If you are just running HTML pages only, with no server-side language or DB, most of your trouble would come from an FTP account hack, so have a strong password on your FTP account.

When you mix in PHP and a database you start getting into SQL injection and cross-site scripting attacks, to name a few. With open source software such as WordPress, Joomla, Drupal, whatever, basically what is in your power is to always make sure it is up to date, and that includes any extensions/plugins you have installed.

McAfee SiteAdvisor kind of does what you are asking; it is expensive.

Also hit up Google... [google.com...]
